<?php
/**
  * @version $Id: wp-comments-post.php,v 0.15 2007/08/07 11:55:55 visualweb Exp $ 
  * @package com_mojo
  * @copyright (c) 1guywebdesign.com 
  * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL 
  *
  *	included patches to fix vulnerability in older ver--kdm
  */
var_dump('rework wpcommentspost');
define( '_VALID_MOS', 1 );
// CHANGE TO:: abspath --kdm
	include_once( '../../globals.php' );
	require_once( '../../configuration.php' );
	require_once( '../../includes/joomla.php' );

global $mosConfig_absolute_path, $mosConfig_live_site, $database;

$mainframe = new mosMainFrame( $database, isset($option), '.' );
$mainframe->initSession();
$my = $mainframe->getUser();

$user=null;
if ($my->id) {
	$query = "SELECT *"
	. "\n FROM #__users"
	. "\n WHERE id = ". intval( $my->id )
	;
	$database->setQuery( $query );
	$database->loadObject($user);
}

require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');

nocache_headers();
$comment_post_ID = (int) $_POST['comment_post_ID'];
$status=null;
$database->setQuery("SELECT post_status, comment_status FROM #__wp_posts WHERE ID = '$comment_post_ID'");

$database->loadObject($status);

if ( empty($status->comment_status) ) {
	do_action('comment_id_not_found', $comment_post_ID);
	exit;
} elseif ( 'closed' ==  $status->comment_status ) {
	do_action('comment_closed', $comment_post_ID);
	die( __('Sorry, comments are closed for this item.') );
} elseif ( 'draft' == $status->post_status ) {
	do_action('comment_on_draft', $comment_post_ID);
	exit;
}

$comment_author       = trim($_POST['author']);
$comment_author_email = trim($_POST['email']);
$comment_author_url   = trim($_POST['url']);
$comment_content      = trim($_POST['comment']);

// If the user is logged in
get_currentuserinfo();
if ( $my->id ) :
	$comment_author       = addslashes($my->username);
	$comment_author_email = addslashes($my->email);
	$comment_author_url   = addslashes('');
	$user_ID = $my->id;
else :
	if ( get_option('comment_registration') )
		die( __('Sorry, you must be logged in to post a comment.') );
endif;

$comment_type = '';

if ( get_settings('require_name_email') && !$my->id ) {
	if ( 6 > strlen($comment_author_email) || '' == $comment_author )
		die( __('Error: please fill the required fields (name, email).') );
	elseif ( !is_wp_email($comment_author_email))
		die( __('Error: please enter a valid email address.') );
}

if ( '' == $comment_content )
	die( __('Error: please type a comment.') );

$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');

wp_new_comment( $commentdata );

if ( !$user_ID ) :
	setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
	setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
	setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
endif;

$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; 

wp_redirect( $location );

?>